Working with netflow data has a big advantage, as it reduces the data size remarkably. This comes at the cost of loosing package payload information. What if we try to combine the best of both worlds and have a tool that does that approach?
The workshop explains this approach and gives the students real life hands-on examples. The workshop introduces a new type of network forensics with netflow and pcap.